Chroot changes the apparent root on a linux system. Chroot is useful for patching into existing linux installs, and repairing system problems from a functioning linux system. Several linux distributions install procedures depend upon chroot. eg. Funtoo, Gentoo, Arch.
Common tasks chroot is used for:
- Installing stage3 tarballs.
- Installing stage4 tarballs.
- Reinstalling a bootloader.
- Rebuilding a kernel.
- Rebuilding an initramfs image.
- Upgrading, or downgrading packages.
- Resetting a forgotten password.
- Repairing a defunct network stack.
- Jailing processes to their own subdirectories so if they're compromised the hacker only has access to the directory & subdirectories that are chrooted.
Say you have 2 hard drives in your computer, /dev/sda1 is funtoo, and /dev/sdb1 is centos. we forgot the centos root password because we love funtoo, and rarely use cent, so it's password must be reset by external means. Virtual file system provided by the kernel are not actually on the hard drive so they must be inserted via -t proc & --rbind mount commands.
root # (funtoo) mkdir -p /mnt/cent root # (funtoo) mount /dev/sdb1 /mnt/cent root # (funtoo) mount -t proc none /mnt/cent/proc #this inserts funtoo's proc into cent since its a virtual file system provided by the kernel. root # (funtoo) mount --rbind /dev/ /mnt/cent/dev/ #same as above except for devices root # (funtoo) mount --rbind /sys/ /mnt/cent/sys/ #same as above... root # (funtoo) chroot /mnt/cent root # (centos) passwd
# (centos) is located @ # (funtoo) /mnt/cent yet acts as its own / under funtoos control within the chroot. The cent machine has absolutely no access to funtoo with exception to /proc /dev /sys directories. several cases can omit these mounts, such as for jailing processes.